CNNVD-202511-2422 Information

CNNVD ID

CNNVD-202511-2422

Related CVE

CVE-2025-65111

• CNNVD Published: 2025-11-21

Description (Chinese)

SpiceDB是Authzed团队的一个细粒度权限数据库。 SpiceDB 1.47.1之前版本存在安全漏洞，该漏洞源于权限定义不当，可能导致LookupResources结果缺失。

Description (English)

SpiceDB is a fine-particle access database for the Authzed team. There was a security loophole in the previous version of SpiceDB 1.47.1, which stemmed from an inappropriate definition of privileges, which could lead to the absence of the LookupResources result.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Authzed

Published

2025-11-21

Last Modified

2026-02-24

References

https://github.com/authzed/spicedb/commit/8c2edbe1e7bd3851fa2138f4cc344bfde986dcf2 https://github.com/authzed/spicedb/security/advisories/GHSA-9m7r-g8hg-x3vr

Patch

https://github.com/authzed/spicedb/releases